aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server
diff options
context:
space:
mode:
authorEmil Renner Berthing <esmil@labitat.dk>2018-09-26 12:55:55 +0200
committerEmil Renner Berthing <esmil@labitat.dk>2018-09-26 13:00:05 +0200
commit72e69659fe0a51bf2e61cebdb0b3c66ee9e564ba (patch)
tree75e17b22d32d3cce3149498ad1555800b12edd47 /roles/space_server
parentae254b596f6e12601e0f6b206d09b87e5a9b480d (diff)
downloadlabitat-ansible-72e69659fe0a51bf2e61cebdb0b3c66ee9e564ba.tar.gz
labitat-ansible-72e69659fe0a51bf2e61cebdb0b3c66ee9e564ba.tar.xz
labitat-ansible-72e69659fe0a51bf2e61cebdb0b3c66ee9e564ba.zip
Format yaml lists like yaml.org
Diffstat (limited to 'roles/space_server')
-rw-r--r--roles/space_server/defaults/main.yml138
-rw-r--r--roles/space_server/handlers/main.yml4
-rw-r--r--roles/space_server/meta/main.yml4
-rw-r--r--roles/space_server/tasks/ansible.yml30
-rw-r--r--roles/space_server/tasks/avahi.yml114
-rw-r--r--roles/space_server/tasks/bird.yml23
-rw-r--r--roles/space_server/tasks/blackhole.yml2
-rw-r--r--roles/space_server/tasks/dhcpd.yml4
-rw-r--r--roles/space_server/tasks/kernel.yml6
-rw-r--r--roles/space_server/tasks/main.yml2
-rw-r--r--roles/space_server/tasks/networkd.yml5
-rw-r--r--roles/space_server/tasks/nftables.yml6
-rw-r--r--roles/space_server/tasks/radius.yml41
-rw-r--r--roles/space_server/tasks/radvd.yml4
-rw-r--r--roles/space_server/tasks/sshd.yml12
-rw-r--r--roles/space_server/tasks/sudo.yml2
-rw-r--r--roles/space_server/tasks/unbound.yml4
17 files changed, 199 insertions, 202 deletions
diff --git a/roles/space_server/defaults/main.yml b/roles/space_server/defaults/main.yml
index 121a927..2acf33d 100644
--- a/roles/space_server/defaults/main.yml
+++ b/roles/space_server/defaults/main.yml
@@ -33,74 +33,74 @@ root:
device: 'LABEL=BTRFS'
options: 'noatime,ssd,compress=lzo'
local_hosts:
- - name: ap
- mac: 00:0f:23:94:43:0b
- mdns: false
- ips:
- - 10.42.0.2
- - name: doorputer
- mac: 00:b3:f6:00:36:be
- mdns: false
- ips:
- - 10.42.0.3
- - name: foodputer
- mac: 00:d0:59:37:5e:37
- mdns: false
- ips:
- - 10.42.0.4
- - name: ap1
- mdns: false
- ips:
- - 10.42.0.5
- - name: ap2
- mdns: false
- ips:
- - 10.42.0.6
- - 10.42.0.7
- - name: switch
- mac: 00:1b:11:6f:42:f8
- mdns: false
- ips:
- - 10.42.0.9
- - name: lathe
- mdns: false
- ips:
- - 10.42.0.12
- - name: anna
- mac: 00:e0:c5:6e:d6:8d
- ips:
- - 10.42.1.9
- - name: printbrother
- mac: 00:80:77:06:9f:26
- ips:
- - 10.42.1.32
- - name: infotron
- description: Infoscreen Raspberry Pi
- mac: b8:27:eb:2c:5d:3a
- ips:
- - 10.42.1.34
- - name: spacemon
- mac: b8:27:eb:24:f8:50
- ips:
- - 10.42.1.35
- - name: jumbotron
- description: Jumbotron Raspberry Pi
- mac: b8:27:eb:d3:c1:62
- mdns: false
- ips:
- - 10.42.1.36
- - name: hplaserjet
- mac: 94:57:a5:ce:e2:6c
- mdns: false
- ips:
- - 10.42.1.37
- - 2a01:4260:1ab:b:9657:a5ff:fece:e26c
- - name: labisound
- mac: 00:16:e6:f7:43:b0
- ips:
- - 10.42.1.40
- - name: sound
- ips:
- - 10.42.1.80
+- name: ap
+ mac: 00:0f:23:94:43:0b
+ mdns: false
+ ips:
+ - 10.42.0.2
+- name: doorputer
+ mac: 00:b3:f6:00:36:be
+ mdns: false
+ ips:
+ - 10.42.0.3
+- name: foodputer
+ mac: 00:d0:59:37:5e:37
+ mdns: false
+ ips:
+ - 10.42.0.4
+- name: ap1
+ mdns: false
+ ips:
+ - 10.42.0.5
+- name: ap2
+ mdns: false
+ ips:
+ - 10.42.0.6
+ - 10.42.0.7
+- name: switch
+ mac: 00:1b:11:6f:42:f8
+ mdns: false
+ ips:
+ - 10.42.0.9
+- name: lathe
+ mdns: false
+ ips:
+ - 10.42.0.12
+- name: anna
+ mac: 00:e0:c5:6e:d6:8d
+ ips:
+ - 10.42.1.9
+- name: printbrother
+ mac: 00:80:77:06:9f:26
+ ips:
+ - 10.42.1.32
+- name: infotron
+ description: Infoscreen Raspberry Pi
+ mac: b8:27:eb:2c:5d:3a
+ ips:
+ - 10.42.1.34
+- name: spacemon
+ mac: b8:27:eb:24:f8:50
+ ips:
+ - 10.42.1.35
+- name: jumbotron
+ description: Jumbotron Raspberry Pi
+ mac: b8:27:eb:d3:c1:62
+ mdns: false
+ ips:
+ - 10.42.1.36
+- name: hplaserjet
+ mac: 94:57:a5:ce:e2:6c
+ mdns: false
+ ips:
+ - 10.42.1.37
+ - 2a01:4260:1ab:b:9657:a5ff:fece:e26c
+- name: labisound
+ mac: 00:16:e6:f7:43:b0
+ ips:
+ - 10.42.1.40
+- name: sound
+ ips:
+ - 10.42.1.80
# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/handlers/main.yml b/roles/space_server/handlers/main.yml
index 5ecb341..54c8f76 100644
--- a/roles/space_server/handlers/main.yml
+++ b/roles/space_server/handlers/main.yml
@@ -28,8 +28,8 @@
name: '{{ item }}.service'
state: restarted
with_items:
- - bird
- - bird6
+ - bird
+ - bird6
when: not chroot
- name: restart dhcpd
diff --git a/roles/space_server/meta/main.yml b/roles/space_server/meta/main.yml
index 2739dff..dd1ff51 100644
--- a/roles/space_server/meta/main.yml
+++ b/roles/space_server/meta/main.yml
@@ -1,6 +1,6 @@
---
dependencies:
- - role: fedora
- - role: users
+- role: fedora
+- role: users
# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/ansible.yml b/roles/space_server/tasks/ansible.yml
index b37b1ca..209cb5b 100644
--- a/roles/space_server/tasks/ansible.yml
+++ b/roles/space_server/tasks/ansible.yml
@@ -14,20 +14,20 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
- - section: defaults
- option: 'gathering'
- value: 'smart'
- - section: defaults
- option: 'fact_caching'
- value: 'jsonfile'
- - section: defaults
- option: 'fact_caching_connection'
- value: '/tmp/ansible'
- - section: defaults
- option: 'fact_caching_timeout'
- value: '600'
- - section: defaults
- option: 'error_on_missing_handler'
- value: 'True'
+ - section: defaults
+ option: 'gathering'
+ value: 'smart'
+ - section: defaults
+ option: 'fact_caching'
+ value: 'jsonfile'
+ - section: defaults
+ option: 'fact_caching_connection'
+ value: '/tmp/ansible'
+ - section: defaults
+ option: 'fact_caching_timeout'
+ value: '600'
+ - section: defaults
+ option: 'error_on_missing_handler'
+ value: 'True'
# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml
index c8baa77..59a8836 100644
--- a/roles/space_server/tasks/avahi.yml
+++ b/roles/space_server/tasks/avahi.yml
@@ -7,7 +7,7 @@
- avahi-tools # pulls in avahi package
- nss-mdns
tags:
- - packages
+ - packages
- name: Configure avahi-daemon
ini_file:
@@ -17,62 +17,62 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
- - section: server
- option: 'host-name'
- value: '{{ hostname }}'
- - section: server
- option: 'domain-name'
- value: 'local'
- - section: server
- option: 'browse-domains'
- value: ''
- - section: server
- option: 'use-ipv4'
- value: 'yes'
- - section: server
- option: 'use-ipv6'
- value: 'yes'
- - section: server
- option: 'allow-interfaces'
- value: 'lan11,lan12,lan14'
- - section: server
- option: 'enable-dbus'
- value: 'yes'
- - section: server
- option: 'disallow-other-stacks'
- value: 'yes'
- - section: wide-area
- option: 'enable-wide-area'
- value: 'yes'
- - section: publish
- option: 'disable-publishing'
- value: 'no'
- - section: publish
- option: 'disable-user-service-publishing'
- value: 'no'
- - section: publish
- option: 'publish-addresses'
- value: 'yes'
- - section: publish
- option: 'publish-hinfo'
- value: 'yes'
- - section: publish
- option: 'publish-workstation'
- value: 'no'
- - section: publish
- option: 'publish-domain'
- value: 'yes'
- - section: publish
- option: 'publish-dns-servers'
- value: '185.38.175.0,2a01:4260:1ab::'
- - section: publish
- option: 'publish-resolv-conf-dns-servers'
- value: 'no'
- - section: reflector
- option: 'enable-reflector'
- value: 'yes'
+ - section: server
+ option: 'host-name'
+ value: '{{ hostname }}'
+ - section: server
+ option: 'domain-name'
+ value: 'local'
+ - section: server
+ option: 'browse-domains'
+ value: ''
+ - section: server
+ option: 'use-ipv4'
+ value: 'yes'
+ - section: server
+ option: 'use-ipv6'
+ value: 'yes'
+ - section: server
+ option: 'allow-interfaces'
+ value: 'lan11,lan12,lan14'
+ - section: server
+ option: 'enable-dbus'
+ value: 'yes'
+ - section: server
+ option: 'disallow-other-stacks'
+ value: 'yes'
+ - section: wide-area
+ option: 'enable-wide-area'
+ value: 'yes'
+ - section: publish
+ option: 'disable-publishing'
+ value: 'no'
+ - section: publish
+ option: 'disable-user-service-publishing'
+ value: 'no'
+ - section: publish
+ option: 'publish-addresses'
+ value: 'yes'
+ - section: publish
+ option: 'publish-hinfo'
+ value: 'yes'
+ - section: publish
+ option: 'publish-workstation'
+ value: 'no'
+ - section: publish
+ option: 'publish-domain'
+ value: 'yes'
+ - section: publish
+ option: 'publish-dns-servers'
+ value: '185.38.175.0,2a01:4260:1ab::'
+ - section: publish
+ option: 'publish-resolv-conf-dns-servers'
+ value: 'no'
+ - section: reflector
+ option: 'enable-reflector'
+ value: 'yes'
notify:
- - restart avahi-daemon
+ - restart avahi-daemon
- name: Configure hosts
template:
@@ -82,7 +82,7 @@
group: root
mode: 0644
notify:
- - restart avahi-daemon
+ - restart avahi-daemon
- name: Enable avahi-daemon service
systemd:
diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml
index 340bfc2..cdf402b 100644
--- a/roles/space_server/tasks/bird.yml
+++ b/roles/space_server/tasks/bird.yml
@@ -4,10 +4,10 @@
name: '{{ item }}'
state: present
with_items:
- - bird
- - bird6
+ - bird
+ - bird6
tags:
- - packages
+ - packages
- name: Make sure /etc/bird exists
file:
@@ -23,10 +23,9 @@
owner: root
group: root
mode: 0644
- with_fileglob:
- - 'bird/*'
+ with_fileglob: 'bird/*'
notify:
- - restart bird
+ - restart bird
- name: Create bird.conf and bird6.conf symlinks
file:
@@ -35,8 +34,8 @@
state: link
force: yes
with_items:
- - bird
- - bird6
+ - bird
+ - bird6
# bird6 wants the link to have a link-local address
# when starting, so wait for it
@@ -62,16 +61,16 @@
masked: no
state: started
with_items:
- - bird
- - bird6
+ - bird
+ - bird6
when: not chroot
- name: '- when in chroot'
command: 'systemctl enable {{ item }}.service'
args:
creates: '/etc/systemd/system/multi-user.target.wants/{{ item }}.service'
with_items:
- - bird
- - bird6
+ - bird
+ - bird6
when: chroot
# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml
index bd79f37..7c3b510 100644
--- a/roles/space_server/tasks/blackhole.yml
+++ b/roles/space_server/tasks/blackhole.yml
@@ -14,7 +14,7 @@
group: root
mode: 0755
notify:
- - restart blackhole
+ - restart blackhole
- name: Install blackhole service
copy:
diff --git a/roles/space_server/tasks/dhcpd.yml b/roles/space_server/tasks/dhcpd.yml
index 9c5c2ad..cd09a04 100644
--- a/roles/space_server/tasks/dhcpd.yml
+++ b/roles/space_server/tasks/dhcpd.yml
@@ -4,7 +4,7 @@
name: dhcp-server
state: present
tags:
- - packages
+ - packages
- name: Configure dhcpd
template:
@@ -14,7 +14,7 @@
group: root
mode: 0644
notify:
- - restart dhcpd
+ - restart dhcpd
- name: Enable dhcpd service
systemd:
diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml
index 1725541..b87bccc 100644
--- a/roles/space_server/tasks/kernel.yml
+++ b/roles/space_server/tasks/kernel.yml
@@ -7,8 +7,8 @@
group: root
mode: 0755
with_items:
- - '/etc/kernel'
- - '/etc/kernel/install.d'
+ - '/etc/kernel'
+ - '/etc/kernel/install.d'
- name: Mask grubby
file:
@@ -38,6 +38,6 @@
name: kernel
state: present
tags:
- - packages
+ - packages
# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index bbec9f6..0a0aed0 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -7,7 +7,7 @@
group: root
mode: 0644
tags:
- - fstab
+ - fstab
- import_tasks: ansible.yml
tags: ansible
diff --git a/roles/space_server/tasks/networkd.yml b/roles/space_server/tasks/networkd.yml
index bd44638..fcca317 100644
--- a/roles/space_server/tasks/networkd.yml
+++ b/roles/space_server/tasks/networkd.yml
@@ -13,10 +13,9 @@
owner: root
group: root
mode: 0644
- with_fileglob:
- - 'networkd/network/*'
+ with_fileglob: 'networkd/network/*'
notify:
- - restart networkd
+ - restart networkd
- name: Create systemd-networkd-wait-online drop-in directory
file:
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml
index 726143c..73e9251 100644
--- a/roles/space_server/tasks/nftables.yml
+++ b/roles/space_server/tasks/nftables.yml
@@ -12,7 +12,7 @@
name: nftables
state: present
tags:
- - packages
+ - packages
- name: Symlink to /etc/nftables.conf
file:
@@ -21,7 +21,7 @@
state: link
force: yes
notify:
- - reload nftables
+ - reload nftables
- name: Configure nftables
copy:
dest: '/etc/nftables.conf'
@@ -30,7 +30,7 @@
group: root
mode: 0644
notify:
- - reload nftables
+ - reload nftables
- name: Enable nftables service
systemd:
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 021a9bc..521f6ae 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -3,30 +3,29 @@
dnf:
name: '{{ item }}'
state: present
- with_fileglob:
- - 'radius/freeradius-assha-*.fc{{ ansible_distribution_major_version }}.*.rpm'
+ with_fileglob: 'radius/freeradius-assha-*.fc{{ ansible_distribution_major_version }}.*.rpm'
tags:
- - packages
+ - packages
- name: Make sure curl and diffutils are installed
dnf:
name: '{{ item }}'
state: present
with_items:
- - curl
- - diffutils
+ - curl
+ - diffutils
tags:
- - packages
+ - packages
- name: Disable default site
file:
path: '/etc/raddb/sites-enabled/{{ item }}'
state: absent
with_items:
- - default
- - inner-tunnel
+ - default
+ - inner-tunnel
notify:
- - restart radiusd
+ - restart radiusd
- name: Configure radiusd
copy:
dest: '/etc/raddb/{{ item }}'
@@ -35,12 +34,12 @@
group: radiusd
mode: 0640
with_items:
- - radiusd.conf
- - mods-available/eap
- - sites-available/labitat
- - sites-available/labitat-inner
+ - radiusd.conf
+ - mods-available/eap
+ - sites-available/labitat
+ - sites-available/labitat-inner
notify:
- - restart radiusd
+ - restart radiusd
- name: Configure radius clients
template:
dest: '/etc/raddb/clients.conf'
@@ -49,7 +48,7 @@
group: radiusd
mode: 0640
notify:
- - restart radiusd
+ - restart radiusd
- name: Enable labitat site
file:
path: '/etc/raddb/sites-enabled/{{ item }}'
@@ -59,10 +58,10 @@
group: radiusd
force: yes
with_items:
- - labitat
- - labitat-inner
+ - labitat
+ - labitat-inner
notify:
- - restart radiusd
+ - restart radiusd
- name: Create getusers script
template:
@@ -79,10 +78,10 @@
group: root
mode: 0644
with_items:
- - getusers.service
- - getusers.timer
+ - getusers.service
+ - getusers.timer
notify:
- - restart getusers
+ - restart getusers
- name: Enable getusers timer
systemd:
diff --git a/roles/space_server/tasks/radvd.yml b/roles/space_server/tasks/radvd.yml
index 668750e..a3346eb 100644
--- a/roles/space_server/tasks/radvd.yml
+++ b/roles/space_server/tasks/radvd.yml
@@ -4,7 +4,7 @@
name: radvd
state: present
tags:
- - packages
+ - packages
- name: Configure radvd
copy:
@@ -14,7 +14,7 @@
group: root
mode: 0644
notify:
- - restart radvd
+ - restart radvd
- name: Create service drop-in directory
file:
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
index efbfa97..aaf6452 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/space_server/tasks/sshd.yml
@@ -4,7 +4,7 @@
name: openssh-server
state: present
tags:
- - packages
+ - packages
- name: Configure sshd
lineinfile:
@@ -12,12 +12,12 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
with_items:
- - regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- - regexp: '^#*GSSAPIAuthentication'
- line: 'GSSAPIAuthentication no'
+ - regexp: '^PasswordAuthentication'
+ line: 'PasswordAuthentication no'
+ - regexp: '^#*GSSAPIAuthentication'
+ line: 'GSSAPIAuthentication no'
notify:
- - restart sshd
+ - restart sshd
- name: Enable sshd service
systemd:
diff --git a/roles/space_server/tasks/sudo.yml b/roles/space_server/tasks/sudo.yml
index e8801a6..f5f0444 100644
--- a/roles/space_server/tasks/sudo.yml
+++ b/roles/space_server/tasks/sudo.yml
@@ -4,7 +4,7 @@
name: sudo
state: present
tags:
- - packages
+ - packages
- name: Install sudoers file
copy:
diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml
index e4f575a..c384635 100644
--- a/roles/space_server/tasks/unbound.yml
+++ b/roles/space_server/tasks/unbound.yml
@@ -4,7 +4,7 @@
name: unbound
state: present
tags:
- - packages
+ - packages
- name: Configure unbound
template:
@@ -14,7 +14,7 @@
group: root
mode: 0644
notify:
- - restart unbound
+ - restart unbound
- name: Enable unbound service
systemd: